Claims 1-31 remain pending. No claims have been added, cancelled, or 
amended. 

Claims 1-31 were rejected under 35 U.S.C. §112, first paragraph, as failing to 
comply with the written description requirement. The Examiner suggested that the 
limitations of "the record ID being a random record ID generated for tracking 
authentication data and disassociating the authentication data from other client identity 
data" is not sufficiently described by the application as originally filed. Applicants 
respectfully disagree. 

In particular, the Specification, on page 14, lines 7-13 states: "For one 
embodiment, database 510 includes a client ID, or record ID 515, which identifies the 
client. For one embodiment, the client ID 515 is randomly generated at the time the 
client registers with the authentication server 220." 

Furthermore, the Specification on page 20, lines 1-7 states: "At block 635, an 
anonymous record is created for the user. The anonymous record includes the user's 
biometric data. At block 640, a record ID is generated for the anonymous record. For 
one embodiment, the record ID is generated randomly." 

Thus, the anonymity of record, which is created for the user's biometric data is 
noted, and the Specification clarifies that the anonymous record includes the user's 
identity information, i.e. biometric data. Furthermore, a randomly generated record ID is 
generated for the anonymous record . Therefore, it is clear from the Specification that 
the record ID is used to dissociate the user's identity information from the user's 
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authentication information. This is the definition of anonymous record . The use of such 
a record ID in combination with the anonymous record is designed to provide additional 
security, in that even if the authentication database is compromised, it is not possible to 
identify the individual whose authentication data is obtained. Thus, it should be clear 
that the randomly generated record ID is used for an anonymous record. 

Claims 1-6, 8, 9, 1 1-14, 17, 20-24, 26, 27 and 29-31 were rejected under 35 
U.S.C. §1 03(a) over U.S. Patent No. 6,594,376 to Hoffman, et al. (hereinafter 
"Hoffman"). 

Hoffman discusses tokenless authorization of commercial transactions between 

a buyer and a seller. However, Applicants fail to find any mention of record IDs 

associated with anonymous records. The Examiner points to a listing of software 

applications, and where they are stored in a biometric input apparatus (BIA), and the 

clearing of registers. However, this does not address how Hoffman stores biometric 

data. Hoffman does address the storage of biometric data on the server. With respect 

to the biometric data being stored, Hoffman states: 

Individual Biometric Database (IBD) records store personal information on 
buyers for both identification as well as authentication. This information includes 
their primary and secondary biometrics, one or more PIN codes, a list of financial 
accounts, account index codes, account index names, private code, one or more 
emergency account index codes, address, and phone number. The buyer may 
optionally include this SSN. This information is necessary for identifying a buyer 
either bv biometric or personal information , for accessing related information, or 
for providing an address or phone number to remote sellers for additional 
verification. 

(Hoffman, column 33, line 13-25) (emphasis added). 

Clearly, Hoffman specifically teaches way from a record ID which is "a random 
number generated for tracking authentication data and disassociating the authentication 
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data from other client identity data." The biometric records include not only names and 
telephone numbers, but also possibly social security numbers! 

Claim 1 recites in part "receiving a record ID for a user, the record ID being a 
random number generated for tracking authentication data and disassociating the 
authentication data from other client identity data." As noted above, Hoffman 
specifically teaches away from a record ID being a random number used for tracking 
authentication data and for disassociating the authentication data from other client 
identity data. Therefore, claim 1 , and claims 2-13 which depend on it, are not obvious 
over Hoffman. 

Claim 14 recites in part "looking up a record ID associated with the user, the 
record ID being a random number generated to track the user's authentication data and 
used to separate the user's other identity information from the authentication data." As 
noted above, Hoffman specifically teaches away from a record ID used to separate the 
user's other identity information from the authentication data. Therefore, claim 14, and 
claims 15-16 which depend on it, are not obvious over Hoffman. 

Claim 17 similarly recites in part: "the record ID being a randomly generated 
number used to separate the user's other identity information from the user's 
authentication data." As noted above, Hoffman specifically teaches away from a record 
ID randomly generated to separate the user's identity from authentication data. 
Therefore, claim 17, and claims 18-31 which depend on it, are not obvious over 
Hoffman. 

Claims 7, 10, 25 and 28 were rejected under 35 U.S.C. §1 03(a) over Hoffman 
and further in view of U.S. Patent No. 6,581 ,161 to Byford. 
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Byford teaches the use of biometric data for authentication. However, Byford 
does not teach or suggest the use of a record ID in this context. Therefore, Byford does 
not overcome the shortcomings of Hoffman discussed above. Thus, claims 7, 10, 25, 
and 28 are not obvious over Hoffman in view of Byford. 

Claims 15, 16, 18 and 21 were rejected under 35 U.S.C. §1 03(a) over Hoffman 
and further in view of U.S. Patent No. 5,692,106 to Towers, et al. (hereinafter "Towers"). 

Towers discusses the determination of authentication policy associated with a 
user. However, Towers does not teach or suggest the use of a record ID in this context. 
Therefore, Towers does not overcome the shortcomings of Hoffman discussed above. 
Thus, claims 15, 16, 18 and 21 are not obvious over Hoffman in view of Towers. 

Claims 19 and 22 were rejected under 35 U.S.C. §1 03(a) over Hoffman and 
further in view of U.S. No. 6,1 19,227 to Mao. 

Mao discusses nonce generation to be included with user authentication data. 
However, Mao does not teach or suggest the use of a record ID in this context. 
Therefore, Mao does not overcome the shortcomings of Hoffman discussed above. 
Thus, claims 19 and 22 are not obvious over Hoffman in view of Mao. 

Applicant respectfully submits that in view of the amendments and discussion set 
forth herein, the applicable rejections have been overcome. Accordingly, the present 
and amended claims should be found to be in condition for allowance. 

If a telephone interview would expedite the prosecution of this application, the 
Examiner is invited to contact Judith Szepesi at (408) 720-8300. 
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If there are any additional charges/credits, please charge/credit our deposit 
account no. 02-2666. 




Respectfully submitted, 

BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP 



Dated 



, 2006 
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